Privacy Statement – DTI Trade and Industry Assistant (TIA)

Version 2.1

Overview

The DTI Trade and Industry Assistant (TIA) Chatbot is an AI-powered platform that provides information and assistance to the public about the agency’s programs and services.  TIA responds to the frequently asked questions for each program from the DTI Functional Groups, Bureaus and Offices.

TIA Chatbot aims to provide a 24/7 automated program that can interact with customers regarding their inquiries/complaints about DTI services. Specifically, its objectives are:

  • Improve the response/resolution time of inquiries/complaints
  • Enhance the citizen satisfaction rating
  • Review and analyze the profile and nature of the inquiries/complaints for policy and process improvement

In processing consumer-related complaints, the Trade and Industry Assistant (TIA) is integrated with DTI’s web-based complaint portal, the Consumer Complaints Assistance and Resolution System (DTI Consumer CAReS). Complaint-related information is submitted by the consumers through TIA Chatbot and filed with the Consumer CAReS platform.

TIA Chatbot is implemented by DTI and its third-party service provider, Proto Global Limited.

This Privacy Statement will be revised accordingly when the platform undergoes enhancements and changes.

Purpose

In accordance with Department Administrative Order Number 23-02 Series of 2023, which aims to speed up the resolution of consumer complaints and establish a system for tracking and monitoring case handling, as well as generating reports, integrating TIA Chatbot into the DTI – Consumer CARe System is beneficial for meeting the department’s operational needs. Therefore, the processing of personal information by the DTI TIA Chatbot also aligns with the purpose outlined in Department Administrative Order Number 23-02 which includes handling consumer complaints lodged through the DTI – Consumer CARe System and resolving online consumer disputes.

Collection

Filing complaints through the TIA Chatbot would require collection of the following data from its users:

Complainants

  • Name (First Name and Last Name)
  • Social Classification e.g. Senior Citizen or Persons with Disability (PWD)
  • Sex assigned at birth
  • Contact Details (Email Address)
  • Address (Street Address, Barangay, City / Municipality, Province)

Additional information about the complaint is also submitted through TIA

  • Age Range
  • Complaint Details
  • Category
  • Date and Time of Transaction
  • Place of Transaction
  • Remedy Sought
  • Nature of Complaint
  • Proof of Transaction
  • Respondent Name or Business Entity
  • Respondent Authorized Representative Name (First Name and Last Name)

Inquiring about the Status of filed Complaints can also be accomplished through TIA, and will require the following information from the user:

Complainants

  • Name (Last Name)
  • Contact Details (Email Address)
  • Tracking Number

Use

All complaint-related information submitted through the DTI TIA Chatbot is interfaced with the DTI – Consumer CAReS platform and used by concerned office/s within the DTI for all legitimate purposes necessary and incidental to the resolution of a case, provided that information shared between TIA Chatbot and DTI Consumer CAReS may also be used for policy development and advocacy promotion of the Agency.

Disclosure and Sharing

The processing of complaint-related information submitted through this platform and shared with the DTI – Consumer CARe portal is performed by the following offices under the DTI:

  1. The Mediation Officer or Adjudication Officer and his/her immediate supervisor
  2. The Business Process Administrator
  3. The System Administrator
  4. The Undersecretaries and Assistant Secretaries of the CPG and the ROG; and
  5. The Consumer Policy and Advocacy Bureau, and
  6. The Office of Secretary and/or its designated Appeals Secretariat

The said data shall likewise be disclosed to all parties to the case/dispute.

Proto, the DTI implementing partner for the Trade and Industry Assistant (TIA) platform, has access to all submitted information through the chatbot. The following are the purposes of Proto for accessing submitted complaint-related data:

  • Data Transmission to DTI’s System: Proto may access the data to transmit it securely to the DTI’s Consumer CAReS or any other relevant authority’s system, as required by the complaint-handling process or regulatory obligations.
  • Analysis and Reporting: The data collected will be analyzed to identify patterns, trends, and areas of concern. As per request by DTI, Proto may generate statistical reports based on this analysis to provide insights into the nature and frequency of complaints, aiding in decision-making and policy formulation.
  • Quality Assurance: Proto may access the data to ensure the accuracy and completeness of complaints. This includes verifying information, resolving any inconsistencies, and conducting internal quality checks to enhance the reliability of the complaint data.

Storage, Retention, and Destruction or Disposal

Outlined below are the data privacy specifics of TIA Chatbot concerning the collection, storage, retention, and destruction of personal information.

Storage

All information is stored behind firewalls on Google Cloud Database servers, with access limited to authorized employees and third parties who are bound by confidentiality agreements. Collected information undergoes industry-standard security protocols, including advanced encryption for data in transit and at rest, secure maintenance practices, and regular audits.

Retention

Retention period of TIA Chatbot collected personal information and chatbot conversation in the Cloud Database is 3 years upon closure or completion of the filed complaints.  This includes information relative to the requirements in the DTI-Customer CAReS Platform.

Data Destruction

Upon termination of TIA Chatbot, it is ensured the automatic deletion of collected data within 30 days, unless required by applicable law to retain the data. This deletion process encompasses data removal from databases and any data storage services employed.

Risks

In the digital realm, data security risks often include unauthorized access to data, caused by weak security measures or breaches such as hacking. Additionally, risks exist in the transmission of data over the internet which isn’t completely secure. Consequently, it’s the user’s responsibility to maintain the confidentiality of her/his log-in credentials and to ensure she/he is not oversharing information with TIA chatbot.

As a countermeasure, TIA chatbot stores information securely behind firewalls and ensures its servers are guarded against unauthorized access with strong security protocols. However, even with our rigorous safeguards, the security of your data largely depends on your use habits. Hence, we urge you to handle your Proto-access credentials with care.

Security

At Proto, the company places utmost importance on the security and privacy of its customers’ data. Proto has implemented a comprehensive array of security measures to ensure the protection and confidentiality of all data entrusted to the organization. These measures encompass various facets of data security and are subject to continuous monitoring and updates to stay ahead of emerging threats. Below are the key security measures implemented by Proto:

1. SOC2 Certification:

     Proto’s AICX Platform and all business operations have earned SOC2 certification, affirming the company’s commitment to adhering to industry-standard security and privacy requirements. Proto conducts ongoing penetration testing to validate the security and privacy of customer data.

2. Security Principles:

     Proto strictly adheres to established security principles, continuously evaluating and enhancing security practices to meet the standards set by third-party compliance and auditing firms.

3. Processes and Enforcement:

     Team members at Proto are educated about and adhere to rigorous security processes. These processes are enforced from the onboarding stage and persist throughout their tenure, ensuring a consistent approach to data security.

4. Regular External Review:

     Proto conducts periodic external reviews, including penetration testing, vulnerability scanning, and security audits, as mandated by SOC2. These reviews help identify vulnerabilities and maintain the highest level of security for customer data.

5. Trusted Security Partners:

     Proto collaborates with esteemed security partners to enhance its security measures:

  • Vanta: Proto leverages Vanta’s suite of tools to streamline security standard compliance processes, ensuring the continuous performance of recurring security measures.
  • Security Journey: Security Journey provides educational tools for Proto’s staff members, facilitating recurring training to enhance their awareness and proficiency in data security.
  • CertN: Proto integrates CertN into its hiring process, conducting candidate background checks to enhance the security of the workforce.
  • Sentry Assurance: As a licensed security standard auditing firm, Sentry Assurance assists Proto in reviewing and certifying data privacy and security certifications, such as SOC2, demonstrating Proto’s commitment to transparency and accountability in security practices.

These collective security measures form a robust defense against potential threats and unauthorized access. Proto recognizes that data security is a shared responsibility, and the vigilance of customers in handling access credentials and responsibly sharing information is indispensable. While Proto implements stringent safeguards, it urges customers to handle their Proto-access credentials with care.

Proto is dedicated to maintaining the highest standards of data security and privacy. The company’s commitment to data security is unwavering, and Proto continuously invests in evolving security measures to protect the data entrusted to it.

Additional information on the processing of personal data related to consumer complaints can be found in the DTI – Consumer Complaints Assistance and Resolution System Privacy Statement.

DTI – Consumer CAReS Privacy Statement: https://podrs.dti.gov.ph/#/user-control/privacy-statement

Rights of the Data Subject

Users of the DTI TIA Chatbot platform have certain rights and protections under Republic Act No. 10173, also known as the Data Privacy Act of 2012.  These Data Subject Rights are explained in detail on the National Privacy Commission website.

Data subjects shall have the right to opt out of the system which shall cause the deletion of all uploaded and processed data.

URL: https://privacy.gov.ph/know-your-rights

Concerns, inquiries, or complaints about the processing of personal data by the DTI Trade and Industry Assistant platform can directly be communicated to the Office of the Undersecretary for Regional Operations Group – Business Name Registration Division at TIA@dti.gov.ph.